High-profile attacks in recent years targeting the X.509 Public Key Infrastructure (PKIX) used for securing Internet communication have underlined the urgency of the need for technology capable of plugging the security hole in the PKIX ecosystem. It is against this background that the IETF has developed the DANE protocol, based on the DNS. Entitled “Securing Internet communications end-to-end with DANE“, the 12th issue paper published by Afnic explains what DANE is and how this protocol can provide the necessary confidence in the last mile infrastructure by using DNSSEC.
In a dozen pages with graphics, the document:
- discusses the conditions that created the need for technology such as DANE;
- presents the solution used to deploy an end-to-end security mechanism for the Internet;
- addresses the various features of DANE;